[FIG. 1 (block diagram). Labelled elements: USER 102; USER ADMINISTRATOR 104; SECURITY ADMINISTRATOR 106; DATABASE ADMINISTRATOR 108; CLIENT 110; DATABASE SERVER 112; KEY MANAGEMENT FUNCTION 114; OBFUSCATED KEYFILE 116; DATABASE 118; KEYFILE 120.]

[FIG. 2 (block diagram). Labelled elements: CLIENT 110; reference numeral 202; DATABASE SERVER 112; KEY MANAGEMENT FUNCTION 114; OBFUSCATED KEYFILE 116; ENCRYPTION FUNCTION 204; DECRYPTION FUNCTION 206; STORING FUNCTION 208; RETRIEVING FUNCTION 210.]

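[Figure (caption not recovered): DATABASE 118. TABLE 218: reference numerals 224, 226, 228, 230, 212, 214; entries XXX, NID, YYY, zzz. PROFILES 220: reference numerals 232, 234, 236, 238, 216; entries 999, DES, 56, SH1. METADATA 222: reference numerals 240, 242, 244, 246; entries 226, KID, DES, MD5.]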

[FIG. 3 (flowchart). Steps: RECEIVE REQUEST TO CREATE KEYFILE 302; RECEIVE NUMBER OF KEYS TO CREATE 304; RECEIVE NAME OF KEYFILE 306; RECEIVE RANDOM KEY GENERATOR SEED 308; GENERATE KEYS (reference numeral illegible); a step ending in KEY IDENTIFIERS (partly illegible); STORE KEYFILE 312; MOVE OBFUSCATED KEYFILE TO SERVER 314.]

[FIG. 4 (flowchart). START; RECEIVE REQUEST TO CREATE A PROFILE 402; RECEIVE NAME OF PROFILE TO CREATE 404; RECEIVE ALGORITHM TO USE 406; RECEIVE KEY LENGTH TO USE 408; RECEIVE INTEGRITY TO USE 410; CREATE PROFILE 412; STORE PROFILE IN PROFILE TABLE 414; END.]

[FIG. 5 (flowchart, partly illegible). Legible steps: ENCRYPT DATA (reference numeral illegible); DECRYPT DATA 514; STORE CIPHER-TEXT DATA 520; STORE PARAMETERS IN METADATA 522.]

[FIG. 6 (flowchart). Legible steps: RECEIVE CLEAR-TEXT FROM CLIENT 602; RETRIEVE ENCRYPTION PARAMETERS 608; RETRIEVE ENCRYPTION KEY 609; ENCRYPT THE DATA 610; STORE DATA IN DATABASE 612; END.]

[FIG. 7 (flowchart). Legible steps: RECEIVE REQUEST FOR DATA FROM CLIENT 702; RETRIEVE THE DECRYPTION KEY 711; DECRYPT THE DATA 712; RETURN DATA TO CLIENT 714; END.]